SlideShare a Scribd company logo

PostgreSQL instance encryption: More database security

H
Hans-Jürgen Schönig

By default PostgreSQL will store data on disk in its standard format. However, in many cases business or legal requirements require data to on disk be encrypted. On disk-encryption was paid for by German industry and is a classical case showing how business and Open Source can coexist. This talk shows, that it can be actually cheaper to implement a feature into an Open Source product than to license a commercial product such as Oracle, DB2, Informix, or MS SQL Server. Open Source can make a valuable contribution to save costs for everybody.

Data & Analytics
1 of 21
Download to read offline
Full PostgreSQL instance encryption Hans-Jürgen Schönig www.postgresql-support.de Hans-Jürgen Schönig www.postgresql-support.de
First of all Hans-Jürgen Schönig www.postgresql-support.de
Did . . . Did everybody have a good time in Tallinn? Hans-Jürgen Schönig www.postgresql-support.de
Introduction Hans-Jürgen Schönig www.postgresql-support.de
Cybertec Schönig & Schönig GmbH 24x7 support for PostgreSQL PostgreSQL training PostgreSQL consulting Hans-Jürgen Schönig www.postgresql-support.de
Get more out of PostgreSQL Hans-Jürgen Schönig www.postgresql-support.de
PostgreSQL features PostgreSQL provides many features Many “Enterprise” features are available e.g. replication, analytics, etc. Hans-Jürgen Schönig www.postgresql-support.de
Missing stuff Nothing is feature complete Once in a while everybody finds missing parts Hans-Jürgen Schönig www.postgresql-support.de
Sponsoring vs. licensing Remember, PostgreSQL is Open Source Sponsoring a feature is often cheaper than buying commercial licenses No need to chain yourself to a commercial vendor Hans-Jürgen Schönig www.postgresql-support.de
Database encryption: An example Hans-Jürgen Schönig www.postgresql-support.de
Specific customer requirements Customer could only provide encryption based on expensive commercial software Encryption is needed to fulfill legal and internal requirements Hans-Jürgen Schönig www.postgresql-support.de
Making it work Implement highly optimized code to handle encryption on the block level in PostgreSQL Totally transparent to the end user Keys can be stored in a key store of your choice Hans-Jürgen Schönig www.postgresql-support.de
What it does We encrypt: Tables Indexes Temporary files Full WAL encryption Commit Log (clog) More stuff: Subtransaction directories, MultiXact . . . What we do not encrypt (yet): pg_stat_statements, logical replication buffers, control data (on purpose) Hans-Jürgen Schönig www.postgresql-support.de
Encryption technology Extensible mechanism Included in pgcrypto: AES-XTS 128 Future versions will use Intel hardware support Current prototype does 4 GB / sec per core ! Hans-Jürgen Schönig www.postgresql-support.de
Good news We all got encryption now Not yet in core but available to end users already with full professional support Patch on hackers Anybody willing to feedback? Hans-Jürgen Schönig www.postgresql-support.de
Commercial success Writing code + integrating was cheaper than just integrating commercial stuff Makes sense for everybody Customer Community Hans-Jürgen Schönig www.postgresql-support.de
What we learn from this Have the guts and the conviction to do what is right Think for yourself Find solutions to YOUR problems Do not change your requirements just because some commercial vendor forces you to do so Benefit from Open Source Invest wisely Hans-Jürgen Schönig www.postgresql-support.de
Where can we get the code? Our website has the code: http://www.cybertec.at/en/products/postgresql-instance- level-encryption/ It is under PostgreSQL license Hans-Jürgen Schönig www.postgresql-support.de
Finally Hans-Jürgen Schönig www.postgresql-support.de
Any questions? Feel free to ask Hans-Jürgen Schönig www.postgresql-support.de
Contact us Cybertec Schönig & Schönig GmbH Email: office@cybertec.at Web: www.postgresql-support.de Follow us on Twitter: @PostgresSupport Hans-Jürgen Schönig www.postgresql-support.de

Recommended

PostgreSQL Replication Tutorial
PostgreSQL Replication TutorialPostgreSQL Replication Tutorial
PostgreSQL Replication TutorialHans-Jürgen Schönig
 
PostgreSQL High_Performance_Cheatsheet
PostgreSQL High_Performance_CheatsheetPostgreSQL High_Performance_Cheatsheet
PostgreSQL High_Performance_CheatsheetLucian Oprea
 
Troubleshooting PostgreSQL with pgCenter
Troubleshooting PostgreSQL with pgCenterTroubleshooting PostgreSQL with pgCenter
Troubleshooting PostgreSQL with pgCenterAlexey Lesovsky
 
Postgres
PostgresPostgres
PostgresJeff Dickey
 
Как PostgreSQL работает с диском
Как PostgreSQL работает с дискомКак PostgreSQL работает с диском
Как PostgreSQL работает с дискомPostgreSQL-Consulting
 
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015PostgreSQL-Consulting
 
PostgreSQL Administration for System Administrators
PostgreSQL Administration for System AdministratorsPostgreSQL Administration for System Administrators
PostgreSQL Administration for System AdministratorsCommand Prompt., Inc
 
Http Caching for the Android Aficionado
Http Caching for the Android AficionadoHttp Caching for the Android Aficionado
Http Caching for the Android AficionadoPaul Blundell
 

Recommended

PostgreSQL Replication Tutorial
PostgreSQL Replication TutorialPostgreSQL Replication Tutorial
PostgreSQL Replication TutorialHans-Jürgen Schönig
 
PostgreSQL High_Performance_Cheatsheet
PostgreSQL High_Performance_CheatsheetPostgreSQL High_Performance_Cheatsheet
PostgreSQL High_Performance_CheatsheetLucian Oprea
 
Troubleshooting PostgreSQL with pgCenter
Troubleshooting PostgreSQL with pgCenterTroubleshooting PostgreSQL with pgCenter
Troubleshooting PostgreSQL with pgCenterAlexey Lesovsky
 
Postgres
PostgresPostgres
PostgresJeff Dickey
 
Как PostgreSQL работает с диском
Как PostgreSQL работает с дискомКак PostgreSQL работает с диском
Как PostgreSQL работает с дискомPostgreSQL-Consulting
 
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015PostgreSQL-Consulting
 
PostgreSQL Administration for System Administrators
PostgreSQL Administration for System AdministratorsPostgreSQL Administration for System Administrators
PostgreSQL Administration for System AdministratorsCommand Prompt., Inc
 
Http Caching for the Android Aficionado
Http Caching for the Android AficionadoHttp Caching for the Android Aficionado
Http Caching for the Android AficionadoPaul Blundell
 
Infinum Android Talks #18 - How to cache like a boss by Željko Plesac
Infinum Android Talks #18 - How to cache like a boss by Željko PlesacInfinum Android Talks #18 - How to cache like a boss by Željko Plesac
Infinum Android Talks #18 - How to cache like a boss by Željko PlesacInfinum
 
Nine Circles of Inferno or Explaining the PostgreSQL Vacuum
Nine Circles of Inferno or Explaining the PostgreSQL VacuumNine Circles of Inferno or Explaining the PostgreSQL Vacuum
Nine Circles of Inferno or Explaining the PostgreSQL VacuumAlexey Lesovsky
 
To Ksql Or Live the KStream
To Ksql Or Live the KStreamTo Ksql Or Live the KStream
To Ksql Or Live the KStreamDani Traphagen
 
Chef patterns
Chef patternsChef patterns
Chef patternsBiju Nair
 
PostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication CheatsheetPostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication CheatsheetAlexey Lesovsky
 
Clug 2012 March web server optimisation
Clug 2012 March web server optimisationClug 2012 March web server optimisation
Clug 2012 March web server optimisationgrooverdan
 
Out of the box replication in postgres 9.4(pg confus)
Out of the box replication in postgres 9.4(pg confus)Out of the box replication in postgres 9.4(pg confus)
Out of the box replication in postgres 9.4(pg confus)Denish Patel
 
MySQL Replication
MySQL ReplicationMySQL Replication
MySQL Replicationorczhou
 
Tuning Linux for Databases.
Tuning Linux for Databases.Tuning Linux for Databases.
Tuning Linux for Databases.Alexey Lesovsky
 
Java In-Process Caching - Performance, Progress and Pittfalls
Java In-Process Caching - Performance, Progress and PittfallsJava In-Process Caching - Performance, Progress and Pittfalls
Java In-Process Caching - Performance, Progress and Pittfallscruftex
 
Webinar: Tales from the Field - 48 Hours to Data Centre Recovery
Webinar: Tales from the Field - 48 Hours to Data Centre RecoveryWebinar: Tales from the Field - 48 Hours to Data Centre Recovery
Webinar: Tales from the Field - 48 Hours to Data Centre RecoveryMongoDB
 
100500 способов кэширования в Oracle Database или как достичь максимальной ск...
100500 способов кэширования в Oracle Database или как достичь максимальной ск...100500 способов кэширования в Oracle Database или как достичь максимальной ск...
100500 способов кэширования в Oracle Database или как достичь максимальной ск...Ontico
 
Odoo Performance Limits
Odoo Performance LimitsOdoo Performance Limits
Odoo Performance LimitsOdoo
 
Caching. api. http 1.1
Caching. api. http 1.1Caching. api. http 1.1
Caching. api. http 1.1Artjoker Digital
 
Example R usage for oracle DBA UKOUG 2013
Example R usage for oracle DBA UKOUG 2013Example R usage for oracle DBA UKOUG 2013
Example R usage for oracle DBA UKOUG 2013BertrandDrouvot
 
Oracle: Binding versus caging
Oracle: Binding versus cagingOracle: Binding versus caging
Oracle: Binding versus cagingBertrandDrouvot
 
...Lag
...Lag...Lag
...LagSamantha Billington
 
Ash masters : advanced ash analytics on Oracle
Ash masters : advanced ash analytics on Oracle Ash masters : advanced ash analytics on Oracle
Ash masters : advanced ash analytics on Oracle Kyle Hailey
 
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016Gulcin Yildirim Jelinek
 
PostgreSQL: Joining 1 million tables
PostgreSQL: Joining 1 million tablesPostgreSQL: Joining 1 million tables
PostgreSQL: Joining 1 million tablesHans-Jürgen Schönig
 
5min analyse
5min analyse5min analyse
5min analyseHans-Jürgen Schönig
 
PostgreSQL: Welcome To Total Security
PostgreSQL: Welcome To Total SecurityPostgreSQL: Welcome To Total Security
PostgreSQL: Welcome To Total SecurityRobert Bernier
 

More Related Content

What's hot

Infinum Android Talks #18 - How to cache like a boss by Željko Plesac
Infinum Android Talks #18 - How to cache like a boss by Željko PlesacInfinum Android Talks #18 - How to cache like a boss by Željko Plesac
Infinum Android Talks #18 - How to cache like a boss by Željko PlesacInfinum
 
Nine Circles of Inferno or Explaining the PostgreSQL Vacuum
Nine Circles of Inferno or Explaining the PostgreSQL VacuumNine Circles of Inferno or Explaining the PostgreSQL Vacuum
Nine Circles of Inferno or Explaining the PostgreSQL VacuumAlexey Lesovsky
 
To Ksql Or Live the KStream
To Ksql Or Live the KStreamTo Ksql Or Live the KStream
To Ksql Or Live the KStreamDani Traphagen
 
Chef patterns
Chef patternsChef patterns
Chef patternsBiju Nair
 
PostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication CheatsheetPostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication CheatsheetAlexey Lesovsky
 
Clug 2012 March web server optimisation
Clug 2012 March web server optimisationClug 2012 March web server optimisation
Clug 2012 March web server optimisationgrooverdan
 
Out of the box replication in postgres 9.4(pg confus)
Out of the box replication in postgres 9.4(pg confus)Out of the box replication in postgres 9.4(pg confus)
Out of the box replication in postgres 9.4(pg confus)Denish Patel
 
MySQL Replication
MySQL ReplicationMySQL Replication
MySQL Replicationorczhou
 
Tuning Linux for Databases.
Tuning Linux for Databases.Tuning Linux for Databases.
Tuning Linux for Databases.Alexey Lesovsky
 
Java In-Process Caching - Performance, Progress and Pittfalls
Java In-Process Caching - Performance, Progress and PittfallsJava In-Process Caching - Performance, Progress and Pittfalls
Java In-Process Caching - Performance, Progress and Pittfallscruftex
 
Webinar: Tales from the Field - 48 Hours to Data Centre Recovery
Webinar: Tales from the Field - 48 Hours to Data Centre RecoveryWebinar: Tales from the Field - 48 Hours to Data Centre Recovery
Webinar: Tales from the Field - 48 Hours to Data Centre RecoveryMongoDB
 
100500 способов кэширования в Oracle Database или как достичь максимальной ск...
100500 способов кэширования в Oracle Database или как достичь максимальной ск...100500 способов кэширования в Oracle Database или как достичь максимальной ск...
100500 способов кэширования в Oracle Database или как достичь максимальной ск...Ontico
 
Odoo Performance Limits
Odoo Performance LimitsOdoo Performance Limits
Odoo Performance LimitsOdoo
 
Example R usage for oracle DBA UKOUG 2013
Example R usage for oracle DBA UKOUG 2013Example R usage for oracle DBA UKOUG 2013
Example R usage for oracle DBA UKOUG 2013BertrandDrouvot
 
Oracle: Binding versus caging
Oracle: Binding versus cagingOracle: Binding versus caging
Oracle: Binding versus cagingBertrandDrouvot
 
Ash masters : advanced ash analytics on Oracle
Ash masters : advanced ash analytics on Oracle Ash masters : advanced ash analytics on Oracle
Ash masters : advanced ash analytics on Oracle Kyle Hailey
 
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016Gulcin Yildirim Jelinek
 

What's hot (19)

Infinum Android Talks #18 - How to cache like a boss by Željko Plesac
Infinum Android Talks #18 - How to cache like a boss by Željko PlesacInfinum Android Talks #18 - How to cache like a boss by Željko Plesac
Infinum Android Talks #18 - How to cache like a boss by Željko Plesac
 
Nine Circles of Inferno or Explaining the PostgreSQL Vacuum
Nine Circles of Inferno or Explaining the PostgreSQL VacuumNine Circles of Inferno or Explaining the PostgreSQL Vacuum
Nine Circles of Inferno or Explaining the PostgreSQL Vacuum
 
To Ksql Or Live the KStream
To Ksql Or Live the KStreamTo Ksql Or Live the KStream
To Ksql Or Live the KStream
 
Chef patterns
Chef patternsChef patterns
Chef patterns
 
PostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication CheatsheetPostgreSQL Streaming Replication Cheatsheet
PostgreSQL Streaming Replication Cheatsheet
 
Clug 2012 March web server optimisation
Clug 2012 March web server optimisationClug 2012 March web server optimisation
Clug 2012 March web server optimisation
 
Out of the box replication in postgres 9.4(pg confus)
Out of the box replication in postgres 9.4(pg confus)Out of the box replication in postgres 9.4(pg confus)
Out of the box replication in postgres 9.4(pg confus)
 
MySQL Replication
MySQL ReplicationMySQL Replication
MySQL Replication
 
Tuning Linux for Databases.
Tuning Linux for Databases.Tuning Linux for Databases.
Tuning Linux for Databases.
 
Java In-Process Caching - Performance, Progress and Pittfalls
Java In-Process Caching - Performance, Progress and PittfallsJava In-Process Caching - Performance, Progress and Pittfalls
Java In-Process Caching - Performance, Progress and Pittfalls
 
Webinar: Tales from the Field - 48 Hours to Data Centre Recovery
Webinar: Tales from the Field - 48 Hours to Data Centre RecoveryWebinar: Tales from the Field - 48 Hours to Data Centre Recovery
Webinar: Tales from the Field - 48 Hours to Data Centre Recovery
 
100500 способов кэширования в Oracle Database или как достичь максимальной ск...
100500 способов кэширования в Oracle Database или как достичь максимальной ск...100500 способов кэширования в Oracle Database или как достичь максимальной ск...
100500 способов кэширования в Oracle Database или как достичь максимальной ск...
 
Odoo Performance Limits
Odoo Performance LimitsOdoo Performance Limits
Odoo Performance Limits
 
Caching. api. http 1.1
Caching. api. http 1.1Caching. api. http 1.1
Caching. api. http 1.1
 
Example R usage for oracle DBA UKOUG 2013
Example R usage for oracle DBA UKOUG 2013Example R usage for oracle DBA UKOUG 2013
Example R usage for oracle DBA UKOUG 2013
 
Oracle: Binding versus caging
Oracle: Binding versus cagingOracle: Binding versus caging
Oracle: Binding versus caging
 
...Lag
...Lag...Lag
...Lag
 
Ash masters : advanced ash analytics on Oracle
Ash masters : advanced ash analytics on Oracle Ash masters : advanced ash analytics on Oracle
Ash masters : advanced ash analytics on Oracle
 
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
 

Viewers also liked

PostgreSQL: Joining 1 million tables
PostgreSQL: Joining 1 million tablesPostgreSQL: Joining 1 million tables
PostgreSQL: Joining 1 million tablesHans-Jürgen Schönig
 
PostgreSQL: Welcome To Total Security
PostgreSQL: Welcome To Total SecurityPostgreSQL: Welcome To Total Security
PostgreSQL: Welcome To Total SecurityRobert Bernier
 
Walbouncer: Filtering PostgreSQL transaction log
Walbouncer: Filtering PostgreSQL transaction logWalbouncer: Filtering PostgreSQL transaction log
Walbouncer: Filtering PostgreSQL transaction logHans-Jürgen Schönig
 
PostgreSQL: Eigene Aggregate schreiben
PostgreSQL: Eigene Aggregate schreibenPostgreSQL: Eigene Aggregate schreiben
PostgreSQL: Eigene Aggregate schreibenHans-Jürgen Schönig
 
Security Best Practices for your Postgres Deployment
Security Best Practices for your Postgres DeploymentSecurity Best Practices for your Postgres Deployment
Security Best Practices for your Postgres DeploymentPGConf APAC
 
PostgreSQL: Data analysis and analytics
PostgreSQL: Data analysis and analyticsPostgreSQL: Data analysis and analytics
PostgreSQL: Data analysis and analyticsHans-Jürgen Schönig
 

Viewers also liked (11)

PostgreSQL: Joining 1 million tables
PostgreSQL: Joining 1 million tablesPostgreSQL: Joining 1 million tables
PostgreSQL: Joining 1 million tables
 
5min analyse
5min analyse5min analyse
5min analyse
 
PostgreSQL: Welcome To Total Security
PostgreSQL: Welcome To Total SecurityPostgreSQL: Welcome To Total Security
PostgreSQL: Welcome To Total Security
 
Walbouncer: Filtering PostgreSQL transaction log
Walbouncer: Filtering PostgreSQL transaction logWalbouncer: Filtering PostgreSQL transaction log
Walbouncer: Filtering PostgreSQL transaction log
 
Explain explain
Explain explainExplain explain
Explain explain
 
PostgreSQL: Eigene Aggregate schreiben
PostgreSQL: Eigene Aggregate schreibenPostgreSQL: Eigene Aggregate schreiben
PostgreSQL: Eigene Aggregate schreiben
 
PostgreSQL: The NoSQL way
PostgreSQL: The NoSQL wayPostgreSQL: The NoSQL way
PostgreSQL: The NoSQL way
 
PostgreSQL: Advanced indexing
PostgreSQL: Advanced indexingPostgreSQL: Advanced indexing
PostgreSQL: Advanced indexing
 
Secure PostgreSQL deployment
Secure PostgreSQL deploymentSecure PostgreSQL deployment
Secure PostgreSQL deployment
 
Security Best Practices for your Postgres Deployment
Security Best Practices for your Postgres DeploymentSecurity Best Practices for your Postgres Deployment
Security Best Practices for your Postgres Deployment
 
PostgreSQL: Data analysis and analytics
PostgreSQL: Data analysis and analyticsPostgreSQL: Data analysis and analytics
PostgreSQL: Data analysis and analytics
 

Similar to PostgreSQL instance encryption: More database security

NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...
NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...
NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...GetInData
 
ScriptRunner introduction
ScriptRunner introductionScriptRunner introduction
ScriptRunner introductionHeiko Brenn
 
Mpole system introduction 2018
Mpole system introduction 2018Mpole system introduction 2018
Mpole system introduction 2018Guisun Han
 
Disruptive Innovation at Cloudflare
Disruptive Innovation at CloudflareDisruptive Innovation at Cloudflare
Disruptive Innovation at CloudflareZack Bloom
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure DevelopmentBosnia Agile
 
DevOps Days Austin 2014 - Vendor DEMO
DevOps Days Austin 2014 - Vendor DEMODevOps Days Austin 2014 - Vendor DEMO
DevOps Days Austin 2014 - Vendor DEMOstonevil
 
Anton's Log Management 'Worst Practices'
Anton's Log Management 'Worst Practices'Anton's Log Management 'Worst Practices'
Anton's Log Management 'Worst Practices'Anton Chuvakin
 
Implementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsImplementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsAnton Chuvakin
 
Pinterest - Big Data Machine Learning Platform at Pinterest
Pinterest - Big Data Machine Learning Platform at PinterestPinterest - Big Data Machine Learning Platform at Pinterest
Pinterest - Big Data Machine Learning Platform at PinterestAlluxio, Inc.
 
Predicting Startup Market Trends based on the news and social media - Albert ...
Predicting Startup Market Trends based on the news and social media - Albert ...Predicting Startup Market Trends based on the news and social media - Albert ...
Predicting Startup Market Trends based on the news and social media - Albert ...GetInData
 
Digital Signage for Retail
Digital Signage for RetailDigital Signage for Retail
Digital Signage for Retaildsignguy
 
Hpe bloombase store safe kmip integration license - 1 cpu core - with hpe -...
Hpe bloombase store safe kmip integration license - 1 cpu core - with hpe -...Hpe bloombase store safe kmip integration license - 1 cpu core - with hpe -...
Hpe bloombase store safe kmip integration license - 1 cpu core - with hpe -...Bloombase
 
Care and feeding of your website
Care and feeding of your websiteCare and feeding of your website
Care and feeding of your websiteShawn DeWolfe
 
Digital Signage for Auto Retailers
Digital Signage for Auto RetailersDigital Signage for Auto Retailers
Digital Signage for Auto Retailersdsignguy
 
Digital Signage for Public Spaces
Digital Signage for Public SpacesDigital Signage for Public Spaces
Digital Signage for Public Spacesdsignguy
 
SaaS - Software as a Service - Charles University - Prague - March 2013
SaaS - Software as a Service - Charles University - Prague - March 2013SaaS - Software as a Service - Charles University - Prague - March 2013
SaaS - Software as a Service - Charles University - Prague - March 2013Jaroslav Gergic
 
Getting Space Pirate Trainer* to Perform on Intel® Graphics
Getting Space Pirate Trainer* to Perform on Intel® GraphicsGetting Space Pirate Trainer* to Perform on Intel® Graphics
Getting Space Pirate Trainer* to Perform on Intel® GraphicsIntel® Software
 
LeanJS - Lean startup with JavaScript
LeanJS - Lean startup with JavaScriptLeanJS - Lean startup with JavaScript
LeanJS - Lean startup with JavaScriptJohannes Weber
 
PostgreSQL Security. How Do We Think? at PGCon 2017
PostgreSQL Security. How Do We Think? at PGCon 2017PostgreSQL Security. How Do We Think? at PGCon 2017
PostgreSQL Security. How Do We Think? at PGCon 2017Ohyama Masanori
 
Demystifying Security Analytics: Data, Methods, Use Cases
Demystifying Security Analytics: Data, Methods, Use CasesDemystifying Security Analytics: Data, Methods, Use Cases
Demystifying Security Analytics: Data, Methods, Use CasesPriyanka Aash
 

Similar to PostgreSQL instance encryption: More database security (20)

NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...
NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...
NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...
 
ScriptRunner introduction
ScriptRunner introductionScriptRunner introduction
ScriptRunner introduction
 
Mpole system introduction 2018
Mpole system introduction 2018Mpole system introduction 2018
Mpole system introduction 2018
 
Disruptive Innovation at Cloudflare
Disruptive Innovation at CloudflareDisruptive Innovation at Cloudflare
Disruptive Innovation at Cloudflare
 
Agile Secure Development
Agile Secure DevelopmentAgile Secure Development
Agile Secure Development
 
DevOps Days Austin 2014 - Vendor DEMO
DevOps Days Austin 2014 - Vendor DEMODevOps Days Austin 2014 - Vendor DEMO
DevOps Days Austin 2014 - Vendor DEMO
 
Anton's Log Management 'Worst Practices'
Anton's Log Management 'Worst Practices'Anton's Log Management 'Worst Practices'
Anton's Log Management 'Worst Practices'
 
Implementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsImplementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and Lessons
 
Pinterest - Big Data Machine Learning Platform at Pinterest
Pinterest - Big Data Machine Learning Platform at PinterestPinterest - Big Data Machine Learning Platform at Pinterest
Pinterest - Big Data Machine Learning Platform at Pinterest
 
Predicting Startup Market Trends based on the news and social media - Albert ...
Predicting Startup Market Trends based on the news and social media - Albert ...Predicting Startup Market Trends based on the news and social media - Albert ...
Predicting Startup Market Trends based on the news and social media - Albert ...
 
Digital Signage for Retail
Digital Signage for RetailDigital Signage for Retail
Digital Signage for Retail
 
Hpe bloombase store safe kmip integration license - 1 cpu core - with hpe -...
Hpe bloombase store safe kmip integration license - 1 cpu core - with hpe -...Hpe bloombase store safe kmip integration license - 1 cpu core - with hpe -...
Hpe bloombase store safe kmip integration license - 1 cpu core - with hpe -...
 
Care and feeding of your website
Care and feeding of your websiteCare and feeding of your website
Care and feeding of your website
 
Digital Signage for Auto Retailers
Digital Signage for Auto RetailersDigital Signage for Auto Retailers
Digital Signage for Auto Retailers
 
Digital Signage for Public Spaces
Digital Signage for Public SpacesDigital Signage for Public Spaces
Digital Signage for Public Spaces
 
SaaS - Software as a Service - Charles University - Prague - March 2013
SaaS - Software as a Service - Charles University - Prague - March 2013SaaS - Software as a Service - Charles University - Prague - March 2013
SaaS - Software as a Service - Charles University - Prague - March 2013
 
Getting Space Pirate Trainer* to Perform on Intel® Graphics
Getting Space Pirate Trainer* to Perform on Intel® GraphicsGetting Space Pirate Trainer* to Perform on Intel® Graphics
Getting Space Pirate Trainer* to Perform on Intel® Graphics
 
LeanJS - Lean startup with JavaScript
LeanJS - Lean startup with JavaScriptLeanJS - Lean startup with JavaScript
LeanJS - Lean startup with JavaScript
 
PostgreSQL Security. How Do We Think? at PGCon 2017
PostgreSQL Security. How Do We Think? at PGCon 2017PostgreSQL Security. How Do We Think? at PGCon 2017
PostgreSQL Security. How Do We Think? at PGCon 2017
 
Demystifying Security Analytics: Data, Methods, Use Cases
Demystifying Security Analytics: Data, Methods, Use CasesDemystifying Security Analytics: Data, Methods, Use Cases
Demystifying Security Analytics: Data, Methods, Use Cases
 

Recently uploaded

9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort servicejennyeacort
 
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样vhwb25kk
 
Top 5 Best Data Analytics Courses In Queens
Top 5 Best Data Analytics Courses In QueensTop 5 Best Data Analytics Courses In Queens
Top 5 Best Data Analytics Courses In Queensdataanalyticsqueen03
 
Defining Constituents, Data Vizzes and Telling a Data Story
Defining Constituents, Data Vizzes and Telling a Data StoryDefining Constituents, Data Vizzes and Telling a Data Story
Defining Constituents, Data Vizzes and Telling a Data StoryJeremy Anderson
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degreeyuu sss
 
INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDINTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDRafezzaman
 
Student Profile Sample report on improving academic performance by uniting gr...
Student Profile Sample report on improving academic performance by uniting gr...Student Profile Sample report on improving academic performance by uniting gr...
Student Profile Sample report on improving academic performance by uniting gr...Seán Kennedy
 
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档208367051
 
RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.natarajan8993
 
Minimizing AI Hallucinations/Confabulations and the Path towards AGI with Exa...
Minimizing AI Hallucinations/Confabulations and the Path towards AGI with Exa...Minimizing AI Hallucinations/Confabulations and the Path towards AGI with Exa...
Minimizing AI Hallucinations/Confabulations and the Path towards AGI with Exa...Thomas Poetter
 
科罗拉多大学波尔得分校毕业证学位证成绩单-可办理
科罗拉多大学波尔得分校毕业证学位证成绩单-可办理科罗拉多大学波尔得分校毕业证学位证成绩单-可办理
科罗拉多大学波尔得分校毕业证学位证成绩单-可办理e4aez8ss
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFAAndrei Kaleshka
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一F sss
 
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfPredicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfBoston Institute of Analytics
 
Statistics, Data Analysis, and Decision Modeling, 5th edition by James R. Eva...
Statistics, Data Analysis, and Decision Modeling, 5th edition by James R. Eva...Statistics, Data Analysis, and Decision Modeling, 5th edition by James R. Eva...
Statistics, Data Analysis, and Decision Modeling, 5th edition by James R. Eva...ssuserf63bd7
 
Learn How Data Science Changes Our World
Learn How Data Science Changes Our WorldLearn How Data Science Changes Our World
Learn How Data Science Changes Our WorldEduminds Learning
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTBoston Institute of Analytics
 
办理(UWIC毕业证书)英国卡迪夫城市大学毕业证成绩单原版一比一
办理(UWIC毕业证书)英国卡迪夫城市大学毕业证成绩单原版一比一办理(UWIC毕业证书)英国卡迪夫城市大学毕业证成绩单原版一比一
办理(UWIC毕业证书)英国卡迪夫城市大学毕业证成绩单原版一比一F La
 
Heart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis ProjectHeart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis ProjectBoston Institute of Analytics
 
Easter Eggs From Star Wars and in cars 1 and 2
Easter Eggs From Star Wars and in cars 1 and 2Easter Eggs From Star Wars and in cars 1 and 2
Easter Eggs From Star Wars and in cars 1 and 217djon017
 

Recently uploaded (20)

9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
9711147426✨Call In girls Gurgaon Sector 31. SCO 25 escort service
 
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
1:1定制(UQ毕业证)昆士兰大学毕业证成绩单修改留信学历认证原版一模一样
 
Top 5 Best Data Analytics Courses In Queens
Top 5 Best Data Analytics Courses In QueensTop 5 Best Data Analytics Courses In Queens
Top 5 Best Data Analytics Courses In Queens
 
Defining Constituents, Data Vizzes and Telling a Data Story
Defining Constituents, Data Vizzes and Telling a Data StoryDefining Constituents, Data Vizzes and Telling a Data Story
Defining Constituents, Data Vizzes and Telling a Data Story
 
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
毕业文凭制作#回国入职#diploma#degree澳洲中央昆士兰大学毕业证成绩单pdf电子版制作修改#毕业文凭制作#回国入职#diploma#degree
 
INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTDINTERNSHIP ON PURBASHA COMPOSITE TEX LTD
INTERNSHIP ON PURBASHA COMPOSITE TEX LTD
 
Student Profile Sample report on improving academic performance by uniting gr...
Student Profile Sample report on improving academic performance by uniting gr...Student Profile Sample report on improving academic performance by uniting gr...
Student Profile Sample report on improving academic performance by uniting gr...
 
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
原版1:1定制南十字星大学毕业证(SCU毕业证)#文凭成绩单#真实留信学历认证永久存档
 
RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.RABBIT: A CLI tool for identifying bots based on their GitHub events.
RABBIT: A CLI tool for identifying bots based on their GitHub events.
 
Minimizing AI Hallucinations/Confabulations and the Path towards AGI with Exa...
Minimizing AI Hallucinations/Confabulations and the Path towards AGI with Exa...Minimizing AI Hallucinations/Confabulations and the Path towards AGI with Exa...
Minimizing AI Hallucinations/Confabulations and the Path towards AGI with Exa...
 
科罗拉多大学波尔得分校毕业证学位证成绩单-可办理
科罗拉多大学波尔得分校毕业证学位证成绩单-可办理科罗拉多大学波尔得分校毕业证学位证成绩单-可办理
科罗拉多大学波尔得分校毕业证学位证成绩单-可办理
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFA
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
 
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdfPredicting Salary Using Data Science: A Comprehensive Analysis.pdf
Predicting Salary Using Data Science: A Comprehensive Analysis.pdf
 
Statistics, Data Analysis, and Decision Modeling, 5th edition by James R. Eva...
Statistics, Data Analysis, and Decision Modeling, 5th edition by James R. Eva...Statistics, Data Analysis, and Decision Modeling, 5th edition by James R. Eva...
Statistics, Data Analysis, and Decision Modeling, 5th edition by James R. Eva...
 
Learn How Data Science Changes Our World
Learn How Data Science Changes Our WorldLearn How Data Science Changes Our World
Learn How Data Science Changes Our World
 
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPTPredictive Analysis for Loan Default Presentation : Data Analysis Project PPT
Predictive Analysis for Loan Default Presentation : Data Analysis Project PPT
 
办理(UWIC毕业证书)英国卡迪夫城市大学毕业证成绩单原版一比一
办理(UWIC毕业证书)英国卡迪夫城市大学毕业证成绩单原版一比一办理(UWIC毕业证书)英国卡迪夫城市大学毕业证成绩单原版一比一
办理(UWIC毕业证书)英国卡迪夫城市大学毕业证成绩单原版一比一
 
Heart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis ProjectHeart Disease Classification Report: A Data Analysis Project
Heart Disease Classification Report: A Data Analysis Project
 
Easter Eggs From Star Wars and in cars 1 and 2
Easter Eggs From Star Wars and in cars 1 and 2Easter Eggs From Star Wars and in cars 1 and 2
Easter Eggs From Star Wars and in cars 1 and 2
 

PostgreSQL instance encryption: More database security

  • 1. Full PostgreSQL instance encryption Hans-Jürgen Schönig www.postgresql-support.de Hans-Jürgen Schönig www.postgresql-support.de
  • 2. First of all Hans-Jürgen Schönig www.postgresql-support.de
  • 3. Did . . . Did everybody have a good time in Tallinn? Hans-Jürgen Schönig www.postgresql-support.de
  • 5. Cybertec Schönig & Schönig GmbH 24x7 support for PostgreSQL PostgreSQL training PostgreSQL consulting Hans-Jürgen Schönig www.postgresql-support.de
  • 6. Get more out of PostgreSQL Hans-Jürgen Schönig www.postgresql-support.de
  • 7. PostgreSQL features PostgreSQL provides many features Many “Enterprise” features are available e.g. replication, analytics, etc. Hans-Jürgen Schönig www.postgresql-support.de
  • 8. Missing stuff Nothing is feature complete Once in a while everybody finds missing parts Hans-Jürgen Schönig www.postgresql-support.de
  • 9. Sponsoring vs. licensing Remember, PostgreSQL is Open Source Sponsoring a feature is often cheaper than buying commercial licenses No need to chain yourself to a commercial vendor Hans-Jürgen Schönig www.postgresql-support.de
  • 10. Database encryption: An example Hans-Jürgen Schönig www.postgresql-support.de
  • 11. Specific customer requirements Customer could only provide encryption based on expensive commercial software Encryption is needed to fulfill legal and internal requirements Hans-Jürgen Schönig www.postgresql-support.de
  • 12. Making it work Implement highly optimized code to handle encryption on the block level in PostgreSQL Totally transparent to the end user Keys can be stored in a key store of your choice Hans-Jürgen Schönig www.postgresql-support.de
  • 13. What it does We encrypt: Tables Indexes Temporary files Full WAL encryption Commit Log (clog) More stuff: Subtransaction directories, MultiXact . . . What we do not encrypt (yet): pg_stat_statements, logical replication buffers, control data (on purpose) Hans-Jürgen Schönig www.postgresql-support.de
  • 14. Encryption technology Extensible mechanism Included in pgcrypto: AES-XTS 128 Future versions will use Intel hardware support Current prototype does 4 GB / sec per core ! Hans-Jürgen Schönig www.postgresql-support.de
  • 15. Good news We all got encryption now Not yet in core but available to end users already with full professional support Patch on hackers Anybody willing to feedback? Hans-Jürgen Schönig www.postgresql-support.de
  • 16. Commercial success Writing code + integrating was cheaper than just integrating commercial stuff Makes sense for everybody Customer Community Hans-Jürgen Schönig www.postgresql-support.de
  • 17. What we learn from this Have the guts and the conviction to do what is right Think for yourself Find solutions to YOUR problems Do not change your requirements just because some commercial vendor forces you to do so Benefit from Open Source Invest wisely Hans-Jürgen Schönig www.postgresql-support.de
  • 18. Where can we get the code? Our website has the code: http://www.cybertec.at/en/products/postgresql-instance- level-encryption/ It is under PostgreSQL license Hans-Jürgen Schönig www.postgresql-support.de
  • 20. Any questions? Feel free to ask Hans-Jürgen Schönig www.postgresql-support.de
  • 21. Contact us Cybertec Schönig & Schönig GmbH Email: office@cybertec.at Web: www.postgresql-support.de Follow us on Twitter: @PostgresSupport Hans-Jürgen Schönig www.postgresql-support.de